This is my dumping ground for details of my home network. It includes a network topology diagram, switch configuration chart, system configuration summary, various scripts and a photograph of how some of my equipment looked a few years ago. I'm intending to add to this until it's a complete collection of information about all of my systems and the network that they comprise. Once all that info is here I'll organise it, but until then this page is going to have that "slapped together" look.

This is all very useful to have handy (except for the photograph) when diagnosing problems and implementing modifications. Not sure it's of much use to anyone else, but here it is anyway.

This is a network shared by two people (my flatmate Chris and myself) connected to the Internet via a 2Mb cable connection. Chris's segment is nominally 192.168.5/24 - comprising the systems "Frodo," "Chris" and "Bilbo." Everything else is mine, using the naming convention "New Zealand All Black Test Rugby Captains of My Lifetime" which has worked well until now that I have almost as many systems and devices as there are captains.

Our network has five egress points, though that's something of a misnomer. I could more accurately describe them as "points through which foreign traffic might enter our network." Here's the list:

Having this many external gateways adds complexity, so routing, security and monitoring need more attention than they otherwise would. There are any number of ways to build a network that meets our requirements, using any number of topologies, but ours is relatively easy to maintain, has ample capacity for future growth and (most importantly) makes sense to me.

We use three Linux machines as combination router/firewalls - two of which ("Frodo" and "Meads") are paranoid in order to protect our respective LANs and one ("Henderson") which is more forgiving, allowing some connections from the Internet to services available in the DMZ and Voice networks. There is a solid case for moving all three of these systems to a flavour of BSD - I've used the BSD based 'Big-IP F1' appliance in a similar capacity professionally in the past and been impressed by its capabilities. The homogeneous nature of our network doesn't lend itself to security, as any vulnerability that can compromise one system has a good chance of being able to compromise all the other systems. A heterogeneous approach would be more secure.
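Henderson's own script is linked further down rather than reproduced here, so the following is an added example (written for this page, not the author's script) of the "forgiving" gateway design just described: default-deny in both directions, stateful replies, and only explicit pinholes from the Internet. It assumes the cable modem is on eth0, the DMZ (192.168.0.0/24) on eth1 and the Voice network (192.168.6.0/24) on eth2, that only Shelford's web port and Marshall's SIP port are exposed, and that the box is managed over SSH from the DMZ; none of those details are stated on the page.

```shell
#!/bin/sh
# Added example, not Henderson's real script. Assumptions: cable modem on eth0,
# DMZ 192.168.0.0/24 on eth1, Voice 192.168.6.0/24 on eth2; the only services
# reachable from the Internet are Shelford's web port and Marshall's SIP port.
# IPT defaults to printing the rules; run as root with IPT=iptables to load them.
IPT="${IPT:-echo iptables}"
WAN=eth0 DMZ=eth1 VOICE=eth2
DMZ_NET=192.168.0.0/24 VOICE_NET=192.168.6.0/24
WEB=192.168.0.4   # Shelford (web, mail, DNS)
PBX=192.168.6.2   # Marshall (Asterisk)

henderson_rules() {
    $IPT -F; $IPT -t nat -F; $IPT -X
    # Default deny: anything not matched below is dropped and logged.
    $IPT -P INPUT DROP; $IPT -P FORWARD DROP; $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    # Anti-spoofing: RFC 1918 sources never legitimately arrive from the cable side.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        $IPT -A INPUT   -i $WAN -s $net -j DROP
        $IPT -A FORWARD -i $WAN -s $net -j DROP
    done
    # Stateful: replies to connections already allowed are always fine.
    $IPT -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The headless router is managed only over SSH from the DMZ side (assumption).
    $IPT -A INPUT -i $DMZ -s $DMZ_NET -p tcp --dport 22 -j ACCEPT
    # Both internal networks may reach the Internet, masqueraded behind the cable IP.
    $IPT -A FORWARD -i $DMZ   -o $WAN -s $DMZ_NET   -j ACCEPT
    $IPT -A FORWARD -i $VOICE -o $WAN -s $VOICE_NET -j ACCEPT
    $IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE
    # The "forgiving" part: two pinholes from the Internet, each DNATed to one
    # host and then accepted in FORWARD only for that host and port.
    $IPT -t nat -A PREROUTING -i $WAN -p tcp --dport 80 -j DNAT --to-destination $WEB
    $IPT -A FORWARD -i $WAN -o $DMZ -d $WEB -p tcp --dport 80 -m state --state NEW -j ACCEPT
    $IPT -t nat -A PREROUTING -i $WAN -p udp --dport 5060 -j DNAT --to-destination $PBX
    $IPT -A FORWARD -i $WAN -o $VOICE -d $PBX -p udp --dport 5060 -m state --state NEW -j ACCEPT
    # (Calls from outside also need Asterisk's RTP media ports forwarded to $PBX;
    # omitted here to keep the example short.)
    # No rule allows traffic between Voice and DMZ, so any such traffic falls
    # through to the default DROP policy and shows up in the log below.
    $IPT -A INPUT   -m limit --limit 5/min -j LOG --log-prefix "henderson-in-drop: "
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "henderson-fwd-drop: "
}

henderson_rules
```

Run it without setting IPT first and read the printed rules; only once they say what you expect should it be re-run with IPT=iptables.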

Our two nominal "servers" perform a routing and firewalling function in addition to the services they provide, as they both bridge networks. "Shelford" firewalls and routes between the DMZ and the public Wireless network (which, incidentally, has a coverage radius of about 2 kilometres) in addition to its server tasks (Web, DNS, Proxy, etc.) while "Marshall" our PABX server bridges the normal telephone network with our data network to provide VOIP services and allow our Internet phones to dial standard telephone numbers.

Our home network is 10/100Mb switched, via two 16 port managed switches. Low end managed switches are now readily available at reasonable prices, though they offer little above base functionality, certainly not in the same league as Cisco's Catalyst range. Both of our switches have a VLAN and a QoS capability, which means that I can (amongst other things) segregate Voice traffic from Data traffic and adjust the priority of certain types of traffic (e.g. Voice high priority, email low priority. Simon's traffic high priority, Chris's traffic low priority.) VLANs conceptually allow a switch to occupy multiple points on a network through virtualisation, simply by assigning particular physical ports on the switch to virtual LANs as described in the switch chart on the right hand side of the diagram below. Unfortunately for me, both of the switches have a crude configuration interface that is only available via a serial port and do not have an SNMP, monitoring or logging capability, but the VLAN and QoS stuff made them worth owning regardless.

While some of this equipment is relatively specialised and has a price tag to match, most of it was recycled or obtained cheaply - often because no-one else had a use for it any more. One of my favorite features of Linux (and other F/OSS software) is that it can be used to make older equipment useful. Check out the specifications for "Meads" and "Henderson" below to see what I mean and think twice before consigning that old Pentium to a corner of the garage.




| Name | Address | System | Operating System | Comments |
|---|---|---|---|---|
| Lochore | 192.168.1.4 | Sun Ultra-30, UltraSparc II 250, 760MB RAM | Solaris 9 [1] | Workstation and development server |
| Meads | 192.168.0.2, 192.168.1.1, 192.168.3.1, 192.168.2.1 (virtual) | Pentium 166, 32MB RAM | Linux 2.4 [2] | Headless. Routing, Firewalling (IPTables), IPSec (Free S/Wan) |
| Dalton | 192.168.1.2 | Pentium IV 2.8GHz, 1GB RAM | Linux 2.6 | Workstation |
| Kirk | 192.168.1.3 | Sharp Mebius notebook, Pentium II 333, 128MB RAM | Linux 2.6 [4] | Workstation |
| Whineray | 192.168.2.2, 192.168.2.3 (virtual) | Sharp Zaurus 5000 PDA | Linux 2.4 [5] | Wireless access device |
| Garmin | N/A | Garmin GPS III+ | Garmin 2.06 [6] | Serial connection only |
| Mourie | 192.168.3.2 | ZCOMAX XI-1450 Wireless access point | Firmware 3.2.2 [7] | 128bit WEP, routing mode, MAC address filtering |
| Fitzpatrick | 81.5.138.97, 192.168.0.1 | Dlink-504 ADSL router | R2.21.002.06.b2t10uk [8] | Routing, Filtering, PAT, NAT, DNS. Currently unused |
| Switch 1 | N/A | DSE XH7602 managed switch | N/A | VLANs and QoS |
| Switch 2 | N/A | DSE XH7602 managed switch | N/A | VLANs and QoS |
| Shelford | 192.168.0.4, 192.168.4.1 | Dell Pentium II 266, 96MB RAM | Linux 2.4 | Web, Mail, Public wireless AP, routing, filtering |
| Henderson | 192.168.0.1, 192.168.6.1 | Pentium 166, 128MB RAM | Linux 2.6 | Headless. Routing, Firewalling (IPTables) |
| Marshall | 192.168.6.2 | Compaq Presario Pentium III, 256MB RAM | Linux 2.4 [3] | Headless. Asterisk VOIP/PABX exchange |
| Blackadder | 192.168.6.3 | Grandstream Budgetone SIP phone | N/A | Internet telephony |
| Oliver | 192.168.6.4 | Grandstream Budgetone SIP phone | N/A | Internet telephony |


How some of this actually looks...



Various Scripts

Henderson's IPTables script.
Meads' IPTables script.
Shelford was the reference system for my Linux Wireless Access Point Howto.